Verify That the Log Decoder Is Set Up

Please refer to the Log Decoder Configuration Guide for instructions on how to configure the Log Decoder.

Add a Local Collector

You add a Local Collector by adding the Log Collector service to a Log Decoder host in Security Analytics as explained in the following procedure.

In the Security Analytics menu, select Administration > Services.

Open the Add Service dialog by clicking > Log Collector.

Define the details of the Log Collection service on a Local Collector.

Click Test Connection. If the connection is valid, you will see Test connection successful. If the connection fails, you will see Fail. If it failed, make sure that the Log Decoder host is running and that you have entered the correct information in the Add Service dialog, then click Save again.

Add a Remote Collector (Optional)

You add a Remote Collector by adding the Log Collector service to a remote host as explained in the following procedure.

Note: Before you add a Windows Legacy Remote Collector, you must install the Security Analytics Legacy Windows Collector on a physical or virtual Windows 2008 SP1 64-bit server using SALegacyWindowsCollector-version-number.exe. Download SALegacyWindowsCollector-version-number.exe from SCOL (refer to the Microsoft Windows Legacy Windows Eventing Configuration Guide for instructions).

In the Security Analytics menu, select Administration > Services.

Open the Add Service dialog by clicking > Log Collector.

Define the details of the Log Collection service on a Remote Collector and click Save. You must select the Remote checkbox.

Click Test Connection. If the connection is valid, you will see Test connection successful. If the connection fails, you will see Fail. If it failed, make sure that the Log Decoder host is running and that you have entered the correct information in the Add Service dialog, then click Save again.